Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-2700
Vulnerability from csaf_certbund
Published
2023-10-17 22:00
Modified
2023-12-12 23:00
Summary
Atlassian Confluence: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Confluence ist eine kommerzielle Wiki-Software.
Jira ist eine Webanwendung zur Softwareentwicklung.
Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.
Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Confluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nBamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2700 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2700.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2700 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2700"
},
{
"category": "external",
"summary": "Atlassian Security Update vom 2023-10-17",
"url": "https://confluence.atlassian.com/security/security-bulletin-october-17-2023-1299929380.html"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin December 12 2023 vom 2023-12-12",
"url": "https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html"
}
],
"source_lang": "en-US",
"title": "Atlassian Confluence: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-12-12T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:00:13.228+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2700",
"initial_release_date": "2023-10-17T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-17T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-12-12T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.2.7",
"product": {
"name": "Atlassian Bamboo \u003c 9.2.7",
"product_id": "1529586",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.2.7"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.2.5 Data Center and Server",
"product": {
"name": "Atlassian Bamboo \u003c 9.2.5 Data Center and Server",
"product_id": "T030667",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.2.5_data_center_and_server"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.3.1 Data Center and Server",
"product": {
"name": "Atlassian Bamboo \u003c 9.3.1 Data Center and Server",
"product_id": "T030668",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.3.1_data_center_and_server"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.3.3 Data Center and Server",
"product": {
"name": "Atlassian Bamboo \u003c 9.3.3 Data Center and Server",
"product_id": "T030669",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.3.3_data_center_and_server"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bamboo \u003c 9.3.5",
"product": {
"name": "Atlassian Bamboo \u003c 9.3.5",
"product_id": "T031324",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.3.5"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.13.1 Data Center and Server",
"product": {
"name": "Atlassian Bitbucket \u003c 8.13.1 Data Center and Server",
"product_id": "T030666",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.13.1_data_center_and_server"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 7.21.18",
"product": {
"name": "Atlassian Bitbucket \u003c 7.21.18",
"product_id": "T031325",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:7.21.18"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.9.7",
"product": {
"name": "Atlassian Bitbucket \u003c 8.9.7",
"product_id": "T031614",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.9.7"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.11.6",
"product": {
"name": "Atlassian Bitbucket \u003c 8.11.6",
"product_id": "T031615",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.11.6"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.12.4",
"product": {
"name": "Atlassian Bitbucket \u003c 8.12.4",
"product_id": "T031616",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.12.4"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.13.3",
"product": {
"name": "Atlassian Bitbucket \u003c 8.13.3",
"product_id": "T031617",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.13.3"
}
}
},
{
"category": "product_name",
"name": "Atlassian Bitbucket \u003c 8.14.2",
"product": {
"name": "Atlassian Bitbucket \u003c 8.14.2",
"product_id": "T031618",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.14.2"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.3.3 Server and Data Center",
"product": {
"name": "Atlassian Confluence \u003c 8.3.3 Server and Data Center",
"product_id": "T030660",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.3.3_server_and_data_center"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.5.2 Server and Data Center",
"product": {
"name": "Atlassian Confluence \u003c 8.5.2 Server and Data Center",
"product_id": "T030662",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.2_server_and_data_center"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.4.3 Server and Data Center",
"product": {
"name": "Atlassian Confluence \u003c 8.4.3 Server and Data Center",
"product_id": "T030663",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.4.3_server_and_data_center"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.3.4",
"product": {
"name": "Atlassian Confluence \u003c 8.3.4",
"product_id": "T030846",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.3.4"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 7.19.17",
"product": {
"name": "Atlassian Confluence \u003c 7.19.17",
"product_id": "T031609",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:7.19.17"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.4.5",
"product": {
"name": "Atlassian Confluence \u003c 8.4.5",
"product_id": "T031610",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.4.5"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.5.4",
"product": {
"name": "Atlassian Confluence \u003c 8.5.4",
"product_id": "T031611",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.4"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.6.2",
"product": {
"name": "Atlassian Confluence \u003c 8.6.2",
"product_id": "T031612",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.6.2"
}
}
},
{
"category": "product_name",
"name": "Atlassian Confluence \u003c 8.7.1",
"product": {
"name": "Atlassian Confluence \u003c 8.7.1",
"product_id": "T031613",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.7.1"
}
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_name",
"name": "Atlassian Jira Software \u003c 4.20.27 Service Management Data Center and Server",
"product": {
"name": "Atlassian Jira Software \u003c 4.20.27 Service Management Data Center and Server",
"product_id": "T030664",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:4.20.27_service_management_data_center_and_server"
}
}
},
{
"category": "product_name",
"name": "Atlassian Jira Software \u003c 5.4.11 Service Management Data Center and Server",
"product": {
"name": "Atlassian Jira Software \u003c 5.4.11 Service Management Data Center and Server",
"product_id": "T030665",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:5.4.11_service_management_data_center_and_server"
}
}
},
{
"category": "product_name",
"name": "Atlassian Jira Software \u003c 9.4.13",
"product": {
"name": "Atlassian Jira Software \u003c 9.4.13",
"product_id": "T031606",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:9.4.13"
}
}
},
{
"category": "product_name",
"name": "Atlassian Jira Software Service Management \u003c 4.20.28",
"product": {
"name": "Atlassian Jira Software Service Management \u003c 4.20.28",
"product_id": "T031607",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:service_management__4.20.28"
}
}
},
{
"category": "product_name",
"name": "Atlassian Jira Software Service Management \u003c 5.4.12",
"product": {
"name": "Atlassian Jira Software Service Management \u003c 5.4.12",
"product_id": "T031608",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira_software:service_management__5.4.12"
}
}
}
],
"category": "product_name",
"name": "Jira Software"
}
],
"category": "vendor",
"name": "Atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28709",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-28709"
},
{
"cve": "CVE-2023-25194",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-25194"
},
{
"cve": "CVE-2023-22515",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-22515"
},
{
"cve": "CVE-2023-22514",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-22514"
},
{
"cve": "CVE-2023-1370",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2022-45688",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-45688"
},
{
"cve": "CVE-2022-45685",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-45685"
},
{
"cve": "CVE-2022-42004",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-41906",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-41906"
},
{
"cve": "CVE-2022-40152",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-3509",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-3509"
},
{
"cve": "CVE-2022-3171",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-3171"
},
{
"cve": "CVE-2022-25647",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-25647"
},
{
"cve": "CVE-2021-46877",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2021-46877"
},
{
"cve": "CVE-2021-31684",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2021-31684"
},
{
"cve": "CVE-2021-22569",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2021-22569"
},
{
"cve": "CVE-2020-36518",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2020-36518"
},
{
"cve": "CVE-2020-13936",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2020-13936"
},
{
"cve": "CVE-2019-13990",
"notes": [
{
"category": "description",
"text": "In Atlassian Confluence, Atlassian Jira Software, Atlassian Bitbucket und Atlassian Bamboo existieren mehrere Schwachstellen. Diese Schwachstellen bestehen teilweise in Komponenten von Drittanbietern und sind nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Administratorrechte zu erlangen, Informationen offenzulegen, beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T031324",
"T031610",
"T031612",
"T031325",
"T031611",
"T031614",
"T031613",
"1529586",
"T030846",
"T031616",
"T031615",
"T031607",
"T031618",
"T031606",
"T031617",
"T031609",
"T031608"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2019-13990"
}
]
}
CVE-2022-3171 (GCVE-0-2022-3171)
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2025-04-21 13:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Google LLC | Protocolbuffers |
Version: 3.21.7 < 3.21.7 Version: 3.20.3 < 3.20.3 Version: 3.19.6 < 3.19.6 Version: 3.16.3 < 3.16.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2"
},
{
"name": "FEDORA-2022-25f35ed634",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/"
},
{
"name": "GLSA-202301-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202301-09"
},
{
"name": "FEDORA-2022-15729fa33d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T13:36:41.564407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:47:57.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"core and lite"
],
"product": "Protocolbuffers",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "3.21.7",
"status": "affected",
"version": "3.21.7",
"versionType": "custom"
},
{
"lessThan": "3.20.3",
"status": "affected",
"version": "3.20.3",
"versionType": "custom"
},
{
"lessThan": "3.19.6",
"status": "affected",
"version": "3.19.6",
"versionType": "custom"
},
{
"lessThan": "3.16.3",
"status": "affected",
"version": "3.16.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2"
},
{
"name": "FEDORA-2022-25f35ed634",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/"
},
{
"name": "GLSA-202301-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202301-09"
},
{
"name": "FEDORA-2022-15729fa33d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Memory handling vulnerability in ProtocolBuffers Java core and lite",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-3171",
"datePublished": "2022-10-12T00:00:00.000Z",
"dateReserved": "2022-09-09T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:47:57.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41906 (GCVE-0-2022-41906)
Vulnerability from cvelistv5
Published
2022-11-11 00:00
Modified
2025-04-23 16:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| opensearch-project | notifications |
Version: >= 2.0.0, < 2.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/opensearch-project/notifications/security/advisories/GHSA-pfc4-3436-jgrw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/opensearch-project/notifications/security/advisories/GHSA-pfc4-3436-jgrw"
},
{
"name": "https://github.com/opensearch-project/notifications/pull/496",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensearch-project/notifications/pull/496"
},
{
"name": "https://github.com/opensearch-project/notifications/pull/507",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensearch-project/notifications/pull/507"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:46:40.674199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:37:45.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "notifications",
"vendor": "opensearch-project",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin\u0027s intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds. \n"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T22:25:08.535Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opensearch-project/notifications/security/advisories/GHSA-pfc4-3436-jgrw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opensearch-project/notifications/security/advisories/GHSA-pfc4-3436-jgrw"
},
{
"name": "https://github.com/opensearch-project/notifications/pull/496",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensearch-project/notifications/pull/496"
},
{
"name": "https://github.com/opensearch-project/notifications/pull/507",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensearch-project/notifications/pull/507"
}
],
"source": {
"advisory": "GHSA-pfc4-3436-jgrw",
"discovery": "UNKNOWN"
},
"title": "OpenSearch Notifications is vulnerable to Server-Side Request Forgery (SSRF) "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-41906",
"datePublished": "2022-11-11T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:37:45.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45685 (GCVE-0-2022-45685)
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2025-04-22 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:04.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jettison-json/jettison/issues/54"
},
{
"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3259-1] libjettison-java security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html"
},
{
"name": "DSA-5312",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5312"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T03:12:49.735910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T03:14:28.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/jettison-json/jettison/issues/54"
},
{
"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3259-1] libjettison-java security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html"
},
{
"name": "DSA-5312",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5312"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45685",
"datePublished": "2022-12-13T00:00:00.000Z",
"dateReserved": "2022-11-21T00:00:00.000Z",
"dateUpdated": "2025-04-22T03:14:28.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25647 (GCVE-0-2022-25647)
Vulnerability from cvelistv5
Published
2022-05-01 15:30
Modified
2024-09-17 03:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Deserialization of Untrusted Data
Summary
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | com.google.code.gson:gson |
Version: unspecified < 2.8.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:42:50.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/google/gson/pull/1991"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/google/gson/pull/1991/commits"
},
{
"name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3001-1] libgoogle-gson-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0009/"
},
{
"name": "[debian-lts-announce] 20220907 [SECURITY] [DLA 3100-1] libgoogle-gson-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html"
},
{
"name": "DSA-5227",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "com.google.code.gson:gson",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.8.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marcono1234"
}
],
"datePublic": "2022-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-07T20:06:16",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/gson/pull/1991"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/gson/pull/1991/commits"
},
{
"name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3001-1] libgoogle-gson-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0009/"
},
{
"name": "[debian-lts-announce] 20220907 [SECURITY] [DLA 3100-1] libgoogle-gson-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html"
},
{
"name": "DSA-5227",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5227"
}
],
"title": "Deserialization of Untrusted Data",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-05-01T15:25:25.581039Z",
"ID": "CVE-2022-25647",
"STATE": "PUBLIC",
"TITLE": "Deserialization of Untrusted Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "com.google.code.gson:gson",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.8.9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marcono1234"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327"
},
{
"name": "https://github.com/google/gson/pull/1991",
"refsource": "MISC",
"url": "https://github.com/google/gson/pull/1991"
},
{
"name": "https://github.com/google/gson/pull/1991/commits",
"refsource": "MISC",
"url": "https://github.com/google/gson/pull/1991/commits"
},
{
"name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3001-1] libgoogle-gson-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220901-0009/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220901-0009/"
},
{
"name": "[debian-lts-announce] 20220907 [SECURITY] [DLA 3100-1] libgoogle-gson-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html"
},
{
"name": "DSA-5227",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-25647",
"datePublished": "2022-05-01T15:30:29.223346Z",
"dateReserved": "2022-02-24T00:00:00",
"dateUpdated": "2024-09-17T03:32:46.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45688 (GCVE-0-2022-45688)
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2025-04-22 03:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:04.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dromara/hutool/issues/2748"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/stleary/JSON-java/issues/708"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45688",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T03:09:42.503666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T03:10:13.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dromara/hutool/issues/2748"
},
{
"url": "https://github.com/stleary/JSON-java/issues/708"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45688",
"datePublished": "2022-12-13T00:00:00.000Z",
"dateReserved": "2022-11-21T00:00:00.000Z",
"dateUpdated": "2025-04-22T03:10:13.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1370 (GCVE-0-2023-1370)
Vulnerability from cvelistv5
Published
2023-03-13 09:04
Modified
2025-02-27 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-674 - Uncontrolled Recursion
Summary
[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib.
When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively.
It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| json-smart | json-smart |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:10.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1370",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T19:09:38.903630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T19:09:50.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://mvnrepository.com",
"packageName": "net.minidev:json-smart",
"product": "json-smart",
"vendor": "json-smart",
"versions": [
{
"lessThan": "2.4.9",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib.\u003c/p\u003e\u003cp\u003eWhen reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, the code parses an array or an object respectively.\u003c/p\u003e\u003cp\u003eIt was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.\u003c/p\u003e"
}
],
"value": "[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib.\n\nWhen reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, the code parses an array or an object respectively.\n\nIt was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:09.457Z",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON"
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2023-1370",
"datePublished": "2023-03-13T09:04:36.365Z",
"dateReserved": "2023-03-13T08:35:00.695Z",
"dateUpdated": "2025-02-27T19:09:50.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28709 (GCVE-0-2023-28709)
Vulnerability from cvelistv5
Published
2023-05-22 10:08
Modified
2025-02-13 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-193 - Off-by-one Error
Summary
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Version: 11.0.0-M2 ≤ 11.0.0-M4 Version: 10.1.5 ≤ 10.1.7 Version: 9.0.71 ≤ 9.0.73 Version: 8.5.85 ≤ 8.5.87 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/05/22/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-37"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230616-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T15:15:57.637239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T18:13:44.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.0-M4",
"status": "affected",
"version": "11.0.0-M2",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.7",
"status": "affected",
"version": "10.1.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.73",
"status": "affected",
"version": "9.0.71",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.87",
"status": "affected",
"version": "8.5.85",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chenwei Jiang, Chenfeng Nie and Yue Yang from the Huawei Nebula Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eThe fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount\u0026nbsp;could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ein the query string, the limit for uploaded request parts could be\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ebypassed with the potential for a denial of service to occur.\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount\u00a0could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters\u00a0in the query string, the limit for uploaded request parts could be\u00a0bypassed with the potential for a denial of service to occur."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T06:06:25.936Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/05/22/1"
},
{
"url": "https://security.gentoo.org/glsa/202305-37"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230616-0004/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5521"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: Fix for CVE-2023-24998 is incomplete",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-28709",
"datePublished": "2023-05-22T10:08:49.541Z",
"dateReserved": "2023-03-21T17:28:47.353Z",
"dateUpdated": "2025-02-13T16:48:49.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13936 (GCVE-0-2020-13936)
Vulnerability from cvelistv5
Published
2021-03-10 08:00
Modified
2025-02-13 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Velocity Sandbox Bypass
Summary
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Velocity Engine |
Version: Apache Velocity Engine < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
},
{
"name": "[velocity-user] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
},
{
"name": "[velocity-commits] 20210310 [velocity-site] 01/01: CVE announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6%40%3Ccommits.velocity.apache.org%3E"
},
{
"name": "[oss-security] 20210309 CVE-2020-13936: Velocity Sandbox Bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/10/1"
},
{
"name": "[announce] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6%40%3Cannounce.apache.org%3E"
},
{
"name": "[druid-commits] 20210316 [GitHub] [druid] clintropolis opened a new pull request #11002: suppress CVE check for security fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2595-1] velocity security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html"
},
{
"name": "[ws-dev] 20210318 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210318 [jira] [Created] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210319 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210319 [jira] [Comment Edited] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210322 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[santuario-dev] 20210323 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #33: Bump dependency-check-maven from 6.1.2 to 6.1.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "[ws-dev] 20210324 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210325 [jira] [Updated] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210325 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[turbine-commits] 20210329 svn commit: r1888167 - /turbine/core/trunk/pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7%40%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[ws-dev] 20210331 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210401 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436%40%3Cdev.ws.apache.org%3E"
},
{
"name": "GLSA-202107-52",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-52"
},
{
"name": "[activemq-users] 20210830 Security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E"
},
{
"name": "[activemq-users] 20210831 RE: Security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Velocity Engine",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "Apache Velocity Engine",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Alvaro Munoz pwntester@github.com of Github Security Labs and was originally reported as GHSL-2020-048."
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Velocity Sandbox Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T12:34:05.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
},
{
"name": "[velocity-user] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
},
{
"name": "[velocity-commits] 20210310 [velocity-site] 01/01: CVE announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6%40%3Ccommits.velocity.apache.org%3E"
},
{
"name": "[oss-security] 20210309 CVE-2020-13936: Velocity Sandbox Bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/10/1"
},
{
"name": "[announce] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6%40%3Cannounce.apache.org%3E"
},
{
"name": "[druid-commits] 20210316 [GitHub] [druid] clintropolis opened a new pull request #11002: suppress CVE check for security fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2595-1] velocity security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html"
},
{
"name": "[ws-dev] 20210318 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210318 [jira] [Created] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210319 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210319 [jira] [Comment Edited] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210322 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[santuario-dev] 20210323 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #33: Bump dependency-check-maven from 6.1.2 to 6.1.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "[ws-dev] 20210324 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210325 [jira] [Updated] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210325 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[turbine-commits] 20210329 svn commit: r1888167 - /turbine/core/trunk/pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7%40%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[ws-dev] 20210331 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad%40%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210401 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436%40%3Cdev.ws.apache.org%3E"
},
{
"name": "GLSA-202107-52",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-52"
},
{
"name": "[activemq-users] 20210830 Security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E"
},
{
"name": "[activemq-users] 20210831 RE: Security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Velocity Sandbox Bypass",
"workarounds": [
{
"lang": "en",
"value": "Applications using Apache Velocity that allow untrusted users to upload templates should upgrade to version 2.3. This version adds additional default restrictions on what methods/properties can be accessed in a template."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-13936",
"STATE": "PUBLIC",
"TITLE": "Velocity Sandbox Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Velocity Engine",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache Velocity Engine",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Alvaro Munoz pwntester@github.com of Github Security Labs and was originally reported as GHSL-2020-048."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Velocity Sandbox Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E"
},
{
"name": "[velocity-user] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a@%3Cuser.velocity.apache.org%3E"
},
{
"name": "[velocity-commits] 20210310 [velocity-site] 01/01: CVE announcement",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6@%3Ccommits.velocity.apache.org%3E"
},
{
"name": "[oss-security] 20210309 CVE-2020-13936: Velocity Sandbox Bypass",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/03/10/1"
},
{
"name": "[announce] 20210310 CVE-2020-13936: Velocity Sandbox Bypass",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6@%3Cannounce.apache.org%3E"
},
{
"name": "[druid-commits] 20210316 [GitHub] [druid] clintropolis opened a new pull request #11002: suppress CVE check for security fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2595-1] velocity security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html"
},
{
"name": "[ws-dev] 20210318 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726@%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210318 [jira] [Created] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340@%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210319 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7@%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210319 [jira] [Comment Edited] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058@%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210322 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c@%3Cdev.ws.apache.org%3E"
},
{
"name": "[santuario-dev] 20210323 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #33: Bump dependency-check-maven from 6.1.2 to 6.1.3",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4@%3Cdev.santuario.apache.org%3E"
},
{
"name": "[ws-dev] 20210324 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da@%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210325 [jira] [Updated] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9@%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210325 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245@%3Cdev.ws.apache.org%3E"
},
{
"name": "[turbine-commits] 20210329 svn commit: r1888167 - /turbine/core/trunk/pom.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7@%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[ws-dev] 20210331 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad@%3Cdev.ws.apache.org%3E"
},
{
"name": "[ws-dev] 20210401 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436@%3Cdev.ws.apache.org%3E"
},
{
"name": "GLSA-202107-52",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-52"
},
{
"name": "[activemq-users] 20210830 Security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882@%3Cusers.activemq.apache.org%3E"
},
{
"name": "[activemq-users] 20210831 RE: Security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328@%3Cusers.activemq.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Applications using Apache Velocity that allow untrusted users to upload templates should upgrade to version 2.3. This version adds additional default restrictions on what methods/properties can be accessed in a template."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-13936",
"datePublished": "2021-03-10T08:00:19.000Z",
"dateReserved": "2020-06-08T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:29.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3509 (GCVE-0-2022-3509)
Vulnerability from cvelistv5
Published
2022-11-01 18:09
Modified
2025-04-22 15:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ProtocolBuffers |
Version: 3.21.0 ≤ Version: 3.20.0 ≤ Version: 3.19.0 ≤ Version: 3.16.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:02.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:09:47.292910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T15:10:13.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "ProtocolBuffers",
"repo": "https://github.com/protocolbuffers/protobuf/",
"vendor": "Google",
"versions": [
{
"lessThan": "3.21.7",
"status": "affected",
"version": "3.21.0",
"versionType": "semver"
},
{
"lessThan": "3.20.3",
"status": "affected",
"version": "3.20.0",
"versionType": "semver"
},
{
"lessThan": "3.19.6",
"status": "affected",
"version": "3.19.0",
"versionType": "semver"
},
{
"lessThan": "3.16.3",
"status": "affected",
"version": "3.16.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.\u003c/span\u003e"
}
],
"value": "A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T12:11:04.548Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Parsing issue in protobuf textformat",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-3509",
"datePublished": "2022-11-01T18:09:31.634Z",
"dateReserved": "2022-10-14T13:51:45.771Z",
"dateUpdated": "2025-04-22T15:10:13.149Z",
"requesterUserId": "0482d1dc-86d9-41dd-bdd2-3f4c4834e1b3",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22515 (GCVE-0-2023-22515)
Vulnerability from cvelistv5
Published
2023-10-04 14:00
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- BASM (Broken Authentication & Session Management)
Summary
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Atlassian | Confluence Data Center |
Version: >= 8.0.0 Version: >= 8.0.1 Version: >= 8.0.2 Version: >= 8.0.3 Version: >= 8.1.3 Version: >= 8.1.4 Version: >= 8.2.0 Version: >= 8.2.1 Version: >= 8.2.2 Version: >= 8.2.3 Version: >= 8.3.0 Version: >= 8.3.1 Version: >= 8.3.2 Version: >= 8.4.0 Version: >= 8.4.1 Version: >= 8.4.2 Version: >= 8.5.0 Version: >= 8.5.1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:48.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515"
},
{
"tags": [
"x_transferred"
],
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276"
},
{
"tags": [
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-92475"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "confluence_data_center",
"vendor": "atlassian",
"versions": [
{
"lessThan": "8.3.3",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "confluence_data_center",
"vendor": "atlassian",
"versions": [
{
"lessThan": "8.4.3",
"status": "affected",
"version": "8.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "confluence_data_center",
"vendor": "atlassian",
"versions": [
{
"lessThan": "8.5.2",
"status": "affected",
"version": "8.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "confluence_server",
"vendor": "atlassian",
"versions": [
{
"lessThan": "8.3.3",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "confluence_server",
"vendor": "atlassian",
"versions": [
{
"lessThan": "8.4.3",
"status": "affected",
"version": "8.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "confluence_server",
"vendor": "atlassian",
"versions": [
{
"lessThan": "8.5.2",
"status": "affected",
"version": "8.5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22515",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-09T05:05:17.297744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-05",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-22515"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:15.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-05T00:00:00+00:00",
"value": "CVE-2023-22515 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Confluence Data Center",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 8.0.0"
},
{
"status": "affected",
"version": "\u003e= 8.0.0"
},
{
"status": "affected",
"version": "\u003e= 8.0.1"
},
{
"status": "affected",
"version": "\u003e= 8.0.2"
},
{
"status": "affected",
"version": "\u003e= 8.0.3"
},
{
"status": "affected",
"version": "\u003e= 8.1.3"
},
{
"status": "affected",
"version": "\u003e= 8.1.4"
},
{
"status": "affected",
"version": "\u003e= 8.2.0"
},
{
"status": "affected",
"version": "\u003e= 8.2.1"
},
{
"status": "affected",
"version": "\u003e= 8.2.2"
},
{
"status": "affected",
"version": "\u003e= 8.2.3"
},
{
"status": "affected",
"version": "\u003e= 8.3.0"
},
{
"status": "affected",
"version": "\u003e= 8.3.1"
},
{
"status": "affected",
"version": "\u003e= 8.3.2"
},
{
"status": "affected",
"version": "\u003e= 8.4.0"
},
{
"status": "affected",
"version": "\u003e= 8.4.1"
},
{
"status": "affected",
"version": "\u003e= 8.4.2"
},
{
"status": "affected",
"version": "\u003e= 8.5.0"
},
{
"status": "affected",
"version": "\u003e= 8.5.1"
},
{
"status": "unaffected",
"version": "\u003e= 8.3.3"
},
{
"status": "unaffected",
"version": "\u003e= 8.4.3"
},
{
"status": "unaffected",
"version": "\u003e= 8.5.2"
}
]
},
{
"product": "Confluence Server",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 8.0.0"
},
{
"status": "affected",
"version": "\u003e= 8.0.0"
},
{
"status": "affected",
"version": "\u003e= 8.0.1"
},
{
"status": "affected",
"version": "\u003e= 8.0.2"
},
{
"status": "affected",
"version": "\u003e= 8.0.3"
},
{
"status": "affected",
"version": "\u003e= 8.1.3"
},
{
"status": "affected",
"version": "\u003e= 8.1.4"
},
{
"status": "affected",
"version": "\u003e= 8.2.0"
},
{
"status": "affected",
"version": "\u003e= 8.2.1"
},
{
"status": "affected",
"version": "\u003e= 8.2.2"
},
{
"status": "affected",
"version": "\u003e= 8.2.3"
},
{
"status": "affected",
"version": "\u003e= 8.3.0"
},
{
"status": "affected",
"version": "\u003e= 8.3.1"
},
{
"status": "affected",
"version": "\u003e= 8.3.2"
},
{
"status": "affected",
"version": "\u003e= 8.4.0"
},
{
"status": "affected",
"version": "\u003e= 8.4.1"
},
{
"status": "affected",
"version": "\u003e= 8.4.2"
},
{
"status": "affected",
"version": "\u003e= 8.5.0"
},
{
"status": "affected",
"version": "\u003e= 8.5.1"
},
{
"status": "unaffected",
"version": "\u003e= 8.3.3"
},
{
"status": "unaffected",
"version": "\u003e= 8.4.3"
},
{
"status": "unaffected",
"version": "\u003e= 8.5.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "an Atlassian customer"
}
],
"descriptions": [
{
"lang": "en",
"value": "Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. \r\n\r\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. "
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "BASM (Broken Authentication \u0026 Session Management)",
"lang": "en",
"type": "BASM (Broken Authentication \u0026 Session Management)"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T16:00:01.026Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html"
},
{
"url": "https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515"
},
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276"
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-92475"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2023-22515",
"datePublished": "2023-10-04T14:00:00.820Z",
"dateReserved": "2023-01-01T00:01:22.331Z",
"dateUpdated": "2025-07-30T01:37:15.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22569 (GCVE-0-2021-22569)
Vulnerability from cvelistv5
Published
2022-01-07 00:00
Modified
2025-04-21 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-696 - Incorrect Behavior Order
Summary
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Google LLC | protobuf-java |
Version: unspecified < 3.16.1 Version: unspecified < 3.18.2 Version: unspecified < 3.19.2 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/support/bulletins#gcp-2022-001"
},
{
"name": "[oss-security] 20220112 CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/12/4"
},
{
"name": "[oss-security] 20220112 Re: CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/12/7"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22569",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T13:40:37.923955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:57:08.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "protobuf-java",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "3.16.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.18.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.19.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "protobuf-kotlin",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "3.18.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "3.19.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "google-protobuf [JRuby Gem]",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "3.19.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OSS-Fuzz - https://github.com/google/oss-fuzz"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-696",
"description": "CWE-696 Incorrect Behavior Order",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T00:00:00.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330"
},
{
"url": "https://cloud.google.com/support/bulletins#gcp-2022-001"
},
{
"name": "[oss-security] 20220112 CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/12/4"
},
{
"name": "[oss-security] 20220112 Re: CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/12/7"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Denial of Service of protobuf-java parsing procedure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2021-22569",
"datePublished": "2022-01-07T00:00:00.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:57:08.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40152 (GCVE-0-2022-40152)
Vulnerability from cvelistv5
Published
2022-09-16 10:00
Modified
2025-04-21 13:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/x-stream/xstream/issues/304"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40152",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T13:39:21.316042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:49:26.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Woodstox",
"vendor": "xstream",
"versions": [
{
"lessThan": "6.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "5.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-25T00:00:00.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/x-stream/xstream/issues/304"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Stack Buffer Overflow in Woodstox",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-40152",
"datePublished": "2022-09-16T10:00:22.101Z",
"dateReserved": "2022-09-07T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:49:26.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42003 (GCVE-0-2022-42003)
Vulnerability from cvelistv5
Published
2022-10-02 00:00
Modified
2024-08-03 12:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:39.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/3590"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
},
{
"name": "GLSA-202210-21",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T09:33:08.256001",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FasterXML/jackson-databind/issues/3590"
},
{
"url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
},
{
"name": "GLSA-202210-21",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42003",
"datePublished": "2022-10-02T00:00:00",
"dateReserved": "2022-10-02T00:00:00",
"dateUpdated": "2024-08-03T12:56:39.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46877 (GCVE-0-2021-46877)
Vulnerability from cvelistv5
Published
2023-03-18 00:00
Modified
2025-02-26 19:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/3328"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T15:58:50.704463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T19:02:21.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw"
},
{
"url": "https://github.com/FasterXML/jackson-databind/issues/3328"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46877",
"datePublished": "2023-03-18T00:00:00.000Z",
"dateReserved": "2023-03-18T00:00:00.000Z",
"dateUpdated": "2025-02-26T19:02:21.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36518 (GCVE-0-2020-36518)
Vulnerability from cvelistv5
Published
2022-03-11 00:00
Modified
2025-05-01 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2816"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220506-0004/"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": ""
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T03:55:10.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-27T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FasterXML/jackson-databind/issues/2816"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220506-0004/"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36518",
"datePublished": "2022-03-11T00:00:00.000Z",
"dateReserved": "2022-03-11T00:00:00.000Z",
"dateUpdated": "2025-05-01T03:55:10.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22514 (GCVE-0-2023-22514)
Vulnerability from cvelistv5
Published
2025-03-18 17:03
Modified
2025-05-12 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- RCE (Remote Code Execution)
Summary
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H which allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.
Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
Sourcetree for Mac and Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.15
See the release notes (https://www.sourcetreeapp.com/download-archives). You can download the latest version of Sourcetree for Mac and Sourcetree for Windows from the download center (https://www.sourcetreeapp.com/download-archives).
This vulnerability was reported via our Penetration Testing program.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Atlassian | Sourcetree for Mac |
Version: >= 3.4.14 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T15:40:08.894218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:40:34.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sourcetree for Mac",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 3.4.14"
},
{
"status": "affected",
"version": "\u003e= 3.4.14"
},
{
"status": "unaffected",
"version": "\u003e= 3.4.15"
}
]
},
{
"product": "Sourcetree for Windows",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 3.4.14"
},
{
"status": "affected",
"version": "\u003e= 3.4.14"
},
{
"status": "unaffected",
"version": "\u003e= 3.4.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. \r\n\t\r\n\tThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H which allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. \r\n\t\r\n\tAtlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\r\n\t\t\r\n\t\tSourcetree for Mac and Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.15\r\n\t\t\r\n\t\t\r\n\t\r\n\tSee the release notes (https://www.sourcetreeapp.com/download-archives). You can download the latest version of Sourcetree for Mac and Sourcetree for Windows from the download center (https://www.sourcetreeapp.com/download-archives). \r\n\t\r\n\tThis vulnerability was reported via our Penetration Testing program."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE (Remote Code Execution)",
"lang": "en",
"type": "RCE (Remote Code Execution)"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T17:03:59.441Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1299929380"
},
{
"url": "https://jira.atlassian.com/browse/SRCTREE-8076"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2023-22514",
"datePublished": "2025-03-18T17:03:59.441Z",
"dateReserved": "2023-01-01T00:01:22.330Z",
"dateUpdated": "2025-05-12T15:40:34.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31684 (GCVE-0-2021-31684)
Vulnerability from cvelistv5
Published
2021-06-01 00:00
Modified
2024-08-03 23:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-31684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:29:15.371021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:29:24.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netplex/json-smart-v1/issues/10"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netplex/json-smart-v1/pull/11"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netplex/json-smart-v2/issues/67"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netplex/json-smart-v2/pull/68"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230331 [SECURITY] [DLA 3373-1] json-smart security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:27.758330",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/netplex/json-smart-v1/issues/10"
},
{
"url": "https://github.com/netplex/json-smart-v1/pull/11"
},
{
"url": "https://github.com/netplex/json-smart-v2/issues/67"
},
{
"url": "https://github.com/netplex/json-smart-v2/pull/68"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230331 [SECURITY] [DLA 3373-1] json-smart security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00030.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31684",
"datePublished": "2021-06-01T00:00:00",
"dateReserved": "2021-04-23T00:00:00",
"dateUpdated": "2024-08-03T23:03:33.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13990 (GCVE-0-2019-13990)
Vulnerability from cvelistv5
Published
2019-07-26 00:00
Modified
2024-10-15 18:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:44.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[tomee-dev] 20190830 Re: Quartz CVE-2019-13990",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190830 Quartz CVE-2019-13990",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190908 Re: Quartz CVE-2019-13990",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20190908 svn commit: r1866633 - /tomee/deps/trunk/quartz-openejb-shade/pom.xml",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190923 Re: [VOTE] Release quartz-openejb-shade 2.2.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/quartz-scheduler/quartz/issues/467"
},
{
"name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-13990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:36:32.053865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:22:20.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-28T05:44:55.522130",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[tomee-dev] 20190830 Re: Quartz CVE-2019-13990",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190830 Quartz CVE-2019-13990",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190908 Re: Quartz CVE-2019-13990",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20190908 svn commit: r1866633 - /tomee/deps/trunk/quartz-openejb-shade/pom.xml",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190923 Re: [VOTE] Release quartz-openejb-shade 2.2.4",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://github.com/quartz-scheduler/quartz/issues/467"
},
{
"name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0002/"
},
{
"url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13990",
"datePublished": "2019-07-26T00:00:00",
"dateReserved": "2019-07-19T00:00:00",
"dateUpdated": "2024-10-15T18:22:20.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25194 (GCVE-0-2023-25194)
Vulnerability from cvelistv5
Published
2023-02-07 19:11
Modified
2025-03-25 14:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
A possible security vulnerability has been identified in Apache Kafka Connect API.
This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config
and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.
When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config`
property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the
`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.
This will allow the server to connect to the attacker's LDAP server
and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.
Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath.
Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box
configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector
client override policy that permits them.
Since Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage
in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka Connect 3.4.0.
We advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for
vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,
in addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector
client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Kafka Connect API |
Version: 2.3.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://kafka.apache.org/cve-list"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25194",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T14:12:44.371635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T14:12:50.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Kafka Connect API",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.4.0",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Apache Kafka would like to thank to Jari J\u00e4\u00e4skel\u00e4 (https://hackerone.com/reports/1529790) and 4ra1n and Y4tacker (they found vulnerabilities in other Apache projects. After discussion between PMC of the two projects, it was finally confirmed that it was the vulnerability of Kafka then they reported it to us)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A possible security vulnerability has been identified in Apache Kafka Connect API.\u003cbr\u003eThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\u003cbr\u003eand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.\u003cbr\u003eWhen configuring the connector via the Kafka Connect REST API, an\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated operator\u003c/span\u003e\u0026nbsp;can set the \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e`sasl.jaas.config`\u003cbr\u003e\u003c/span\u003eproperty for any of the connector\u0027s Kafka clients\u0026nbsp;to \"com.sun.security.auth.module.JndiLoginModule\", which can be done via the\u003cbr\u003e`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\u003cbr\u003eThis will allow the server to connect to the attacker\u0027s LDAP server\u003cbr\u003eand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\u003cbr\u003eAttacker can cause \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eunrestricted deserialization of untrusted data (or)\u0026nbsp;\u003c/span\u003eRCE vulnerability when there are gadgets in the classpath.\u003cbr\u003e\u003cbr\u003eSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\u003cbr\u003econfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\u003cbr\u003eclient override policy that permits them.\u003cbr\u003e\u003cbr\u003eSince Apache Kafka 3.4.0, we have added a system property (\"-Dorg.apache.kafka.disallowed.login.modules\") to disable the problematic login modules usage\u003cbr\u003ein SASL JAAS configuration. Also by default \"com.sun.security.auth.module.JndiLoginModule\" is disabled in Apache Kafka Connect 3.4.0. \u003cbr\u003e\u003cbr\u003eWe advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for \u003cbr\u003evulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein addition to leveraging the \"org.apache.kafka.disallowed.login.modules\" system property, Kafka Connect users can also implement their own connector\u003cbr\u003eclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A possible security vulnerability has been identified in Apache Kafka Connect API.\nThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\nand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.\nWhen configuring the connector via the Kafka Connect REST API, an\u00a0authenticated operator\u00a0can set the `sasl.jaas.config`\nproperty for any of the connector\u0027s Kafka clients\u00a0to \"com.sun.security.auth.module.JndiLoginModule\", which can be done via the\n`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\nThis will allow the server to connect to the attacker\u0027s LDAP server\nand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\nAttacker can cause unrestricted deserialization of untrusted data (or)\u00a0RCE vulnerability when there are gadgets in the classpath.\n\nSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\nconfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\nclient override policy that permits them.\n\nSince Apache Kafka 3.4.0, we have added a system property (\"-Dorg.apache.kafka.disallowed.login.modules\") to disable the problematic login modules usage\nin SASL JAAS configuration. Also by default \"com.sun.security.auth.module.JndiLoginModule\" is disabled in Apache Kafka Connect 3.4.0. \n\nWe advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for \nvulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\nin addition to leveraging the \"org.apache.kafka.disallowed.login.modules\" system property, Kafka Connect users can also implement their own connector\nclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T11:35:25.117Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://kafka.apache.org/cve-list"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz"
},
{
"url": "http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-25194",
"datePublished": "2023-02-07T19:11:22.260Z",
"dateReserved": "2023-02-05T16:20:53.202Z",
"dateUpdated": "2025-03-25T14:12:50.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42004 (GCVE-0-2022-42004)
Vulnerability from cvelistv5
Published
2022-10-02 00:00
Modified
2024-08-03 12:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:39.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/3582"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"
},
{
"name": "GLSA-202210-21",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0008/"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-27T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FasterXML/jackson-databind/issues/3582"
},
{
"url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"
},
{
"name": "GLSA-202210-21",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221118-0008/"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42004",
"datePublished": "2022-10-02T00:00:00",
"dateReserved": "2022-10-02T00:00:00",
"dateUpdated": "2024-08-03T12:56:39.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…